https://issues.apache.org/bugzilla/show_bug.cgi?id=55593
Bug ID: 55593
Summary: Add "SSLServerInfoFile" directive for Certificate
Transparency, TACK, etc. (with OpenSSL 1.0.2)
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Created attachment 30879
--> https://issues.apache.org/bugzilla/attachment.cgi?id=30879&action=edit
Diff to github trunk's of Sep 24 2013 454409553
Hi,
OpenSSL 1.0.2 will have a new command, "SSL_CTX_use_serverinfo_file(filename)".
This specifies a file of PEM blocks containing TLS ServerHello extension data.
The extension data items will be returned if the client sends a corresponding
ClientHello.
This allows support of Certificate Transparency (RFC 6962
SignedCertificateTimestampList) and TACK (draft-perrin-tls-tack-02
TackExtension).
It also allows easy experimentation with stapling other revocation or
authorization data into the TLS handshake (OCSP, DNSSEC, etc.).
We'd like to expose this file in Apache via a "SSLServerInfoFile" directive.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
